Skip to main content

Qlik

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements
See why Qlik is a Leader in the 2024 Gartner® Magic Quadrant™ for Analytics & BI Platforms. Download Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Rehan
Creator III
Creator III
‎2019-08-21 10:36 AM

Qlik Web Connector Issue

I just installed Web Connectors 2.44.5.21946 (June 2018).   Its working fine and accessible from outside the server to. But right now I am accessing it using http:. The problem with that is I am not able to use the "Manage Users'" tab cuz that tab is only available on local host or SSL(https). Please see the attached screen shot. I created the SSL certificate as per Qlik instructions and it did say that the cert is added successfully. But when I change the Require SSL to "true" in the deploy.config file. Qlik Web Connector service does not start.  What am I missing here .

 

 

Preview file
55 KB
4,946 Views
0 Likes
1 Solution

Accepted Solutions
Miguel_Angel_Baeyens
Employee
Employee
‎2019-08-22 11:31 AM

In response to Rehan

There are no errors in that log that I can see.

Please elaborate much more on what you do and what you see, else we are working blind. Among others:

  1. Is the service running? If not, which error displays? Does it crash? Does it say "Running" but not responding from the browser? Does it start then stop?
  2. Does the Windows Event Viewer show any error or warning at the time of the service starting?
  3. Is it something you see on the browser?
  4. Is the certificate in the right certificate store?
  5. Does the netsh command show that the port binding worked and the certificate is on port 5555?
  6. What else is installed in that computer?
  7. Is the account running the Qlik Web Connectors a local admin?

For readability, it would be useful if you attach a proper txt file with the logs instead of copy pasting them directly.

View solution in original post

4,992 Views
0 Likes
10 Replies
Miguel_Angel_Baeyens
Employee
Employee
‎2019-08-21 10:46 AM

Is AllowRemoteAccess also set to true in the deploy.config? What error shows in the log?

https://help.qlik.com/en-US/connectors/Subsystems/Web_Connectors_help/Content/Connectors_QWC/Adminis...

4,524 Views
Rehan
Creator III
Creator III
‎2019-08-21 10:55 AM
Author

In response to Miguel_Angel_Baeyens

Yes Allow Remote access is set to true and that is why I am able to access it from outside the server

4,520 Views
0 Likes
Miguel_Angel_Baeyens
Employee
Employee
‎2019-08-21 11:16 AM

In response to Rehan

And any errors in the logs? How Authentication and FormsAuthentication is set up?

4,514 Views
0 Likes
Rehan
Creator III
Creator III
‎2019-08-21 11:33 AM
Author

In response to Miguel_Angel_Baeyens

Here is my deploy file

4,510 Views
0 Likes
Rehan
Creator III
Creator III
‎2019-08-21 11:36 AM
Author

In response to Rehan

<Deploy>

<!--
You will need to restart Qlik Web Connectors if you make changes to this file.
-->

<!--
*************************************************************************
Settings between these lines are supported in current version.
-->
<Port>5555</Port>

<Authentication>

<!--
Set to
None
This will run Qlik Web Connectors without any concept of users or access tokens, which have been
introduced in the new web version to support users accessing the application from separate machines.

This is the quickest and easiest way to get up and running and if used in conjunction with
AllowRemoteAccess set to false is a straight swap in replacement for the WinForms edition.

or
FormsAuthentication
Use this value if you would like users to sign in to Qlik Web Connectors from other machines and be able to
generate load scripts which are secured with an access token and whitelisted IP addresses.

or
WindowsAuthentication
Not currently supported. Please contact us at http://www.qlik.com/services/support if you require this.
-->
<Type>FormsAuthentication</Type>

<FormsAuthentication>
<CryptographyConfiguration>
<!--
These values are used when encrypting the authentication cookies used for maintaining
a users logged in status with Forms authentication.
-->
<RijndaelEncryptionProvider_Passphrase>SuperSecretPass123</RijndaelEncryptionProvider_Passphrase>
<DefaultHmacProvider_Passphrase>UberSuperSecure123</DefaultHmacProvider_Passphrase>
</CryptographyConfiguration>
<!--
The PasswordChecker element should contain one of the following. SaltedPBKDF2SHA1PasswordChecker
is recommended as it is the most secure. Setting the EnableUserManagement element to true and
using the inbuilt UI to manage users is also recommended.

PlainTextPasswordChecker - User XML element should contain a Password element containing plain text password.
SHA512PasswordChecker - User XML element should contain a PasswordHash element containing UTF8 SHA512 base 64 encoded password hash.
SaltedPBKDF2SHA1PasswordChecker - Uses a salted hash (RECOMMENDED).
-->
<PasswordChecker>PlainTextPasswordChecker</PasswordChecker>
</FormsAuthentication>

</Authentication>

<Proxy>
<UseProxy>false</UseProxy>
<ProxyAddress></ProxyAddress>
<ProxyUsername></ProxyUsername>
<ProxyDomain></ProxyDomain>
<ProxyPassword></ProxyPassword>
</Proxy>

<!--
Whether to allow access from remote machines (i.e. non localhost).
-->
<AllowRemoteAccess>true</AllowRemoteAccess>

<!--
******************************************************************************************************
********** This replaces the <AllowConnectorsFileSystemAccess> element in previous versions **********
******************************************************************************************************

Some connectors can read/write to disk, this element lets you whitelist which paths the connectors are permitted to access.

Notes:
* Multiple paths should be delimitted with a semicolon (;).
* If you want to white list ALL paths use a *
* This setting applies across all connectors.
* The account running the connector exe must also have permission to access any file in question.
* Leaving it empty is equivalent to denying the connectors file system access.

Some Examples:
c:\QWC\TempFiles;c:\SomeOtherDirectory
c:\
<FileSystemAccessAllowedPaths>*</FileSystemAccessAllowedPaths>
-->
<FileSystemAccessAllowedPaths></FileSystemAccessAllowedPaths>

<ConnectorConfig>
<!-- Some connectors have connector specific configuration options which are managed here -->
<Connector>
<WebConnector>
<AllowLocalHostAccess>false</AllowLocalHostAccess>
</WebConnector>
<SugarCRMConnector>
<AllowLocalHostAccess>false</AllowLocalHostAccess>
</SugarCRMConnector>
<TextAnalyser_RepustateConnector>
<AllowLocalHostAccess>false</AllowLocalHostAccess>
</TextAnalyser_RepustateConnector>
<MongoDBConnector>
<AllowLocalHostAccess>false</AllowLocalHostAccess>
</MongoDBConnector>
<MSCRMConnector>
<AllowLocalHostAccess>false</AllowLocalHostAccess>
</MSCRMConnector>
<ODataConnector>
<AllowLocalHostAccess>false</AllowLocalHostAccess>
</ODataConnector>
<JIRAConnector>
<AllowLocalHostAccess>false</AllowLocalHostAccess>
</JIRAConnector>
<SMTPConnector>
<AllowLocalHostAccess>false</AllowLocalHostAccess>
</SMTPConnector>
<MailboxIMAPConnector>
<AllowLocalHostAccess>false</AllowLocalHostAccess>
</MailboxIMAPConnector>
<MailboxPOP3Connector>
<AllowLocalHostAccess>false</AllowLocalHostAccess>
</MailboxPOP3Connector>
</Connector>
</ConnectorConfig>


<LoggingLevel>Info</LoggingLevel>

<!-- This shows the user management API and enables the API which supports it. -->
<EnableUserManagement>true</EnableUserManagement>

<!--
This is the name used in the generated load script.
This is set automatically to localhost or machine name depending on your
other settings but you can also override it here (if AllowRemoteAccess is set
to true).
-->
<HostnameOverride></HostnameOverride>

<!--
Default allowed IP addresses for new users.
From most to least secure:
<empty>
<comma separated list of ip addresses>
{current_ip_address}
any
-->
<DefaultAllowedIpAddresses></DefaultAllowedIpAddresses>

<RequireSSL>false</RequireSSL>

<!--
Settings between these lines are supported in current version.
*************************************************************************
-->

<!--
*************************************************************************
We would not recommend editing the following settings at present.
-->

<Theme>default</Theme>

<CompressHTTP>true</CompressHTTP>

<!--
Comma separated List of Connector IDs to be excluded from this deployment.

They will be shown in the connector list but if you try to use them an error will occur.
-->
<DisabledConnectors></DisabledConnectors>

<!--
Set this to limit the maximum number of rows which will be generated for a request in
the UI. This can help improve performance. Note at present you may still get more rows
than this but this system will attempt to cancel any more API requests after this
threshold is reached.

Set to 0 to ignore this.
-->
<MaxRowsInUI>5000</MaxRowsInUI>

<Providers>

<!--
Only used for forms auth.
-->
<FormsUsers provider="FileBasedFormsUsersProvider" config="{app_root}/logins.xml"></FormsUsers>

<!--
User specific data, for both connector configuration and global
Implementation of APIConnectorInterfaces.Interfaces.Connector_Services.ISettingsStorer
Which takes a config string in the constructor.
-->
<UserSettings provider="FileBasedSettingsProvider" config="{app_root}/App_Data/{user_id}/UserSettings.xml"></UserSettings>

<!--
Connector settings for a specific user.
-->
<ConnectorSettings provider="FileBasedSettingsProvider" config="{app_root}/App_Data/{user_id}/ConnectorSettings.xml"></ConnectorSettings>

<!--
User specific log implementation. Note that the logging level is currently set using
the LoggingLevel element in deploy.config and if this is set to Off it will also
override this setting.
-->
<UserLogs enabled="true" provider="FileBasedLogger" config="{app_root}/App_Data/{user_id}/Logs"></UserLogs>

<!--
System wide log implementation. Note that the logging level is currently set using
the LoggingLevel element in deploy.config and if this is set to Off it will also
override this setting.
-->
<GlobalLogs enabled="true" provider="FileBasedLogger" config="{app_root}/App_Data/Logs"></GlobalLogs>

<!--
User specific API call logger.
-->
<UserAPICallLogs enabled="true" provider="FileBasedLogger" config="{app_root}/App_Data/{user_id}/Logs/APICalls"></UserAPICallLogs>

<!--
User specific cached data Implementation of APIConnectorInterfaces.Interfaces.Connector_Services.ICache
Which takes a config string in the constructor.
-->
<Cache provider="FileBasedCacheProvider" config="{app_root}/App_Data/{user_id}/{connector_id}_Cache/"></Cache>

</Providers>

</Deploy>

4,507 Views
0 Likes
Miguel_Angel_Baeyens
Employee
Employee
‎2019-08-22 09:12 AM

In response to Rehan

So I just tested on my laptop and a blank VM, and these are my findings:

  1. When you create the certificate, in addition to installing it on the Web Connectors server you also need to install it on any other computer who is going to do https://servername:5555/ under "Trusted Root Certification Authorities"
  2. The certificate to be installed in point 1 needs to be first exported with private keys 
  3. At the very least, you need to change the following lines in the deploy.config (with the service stopped helps, but not a requirement)
    1. <RequireSSL>true</RequireSSL>
    2. <HostnameOverride>servername</HostnameOverride> <!-- done during the step 1 certificate process -->
    3. <AllowRemoteAccess>true</AllowRemoteAccess>
    4. <Type>FormsAuthentication</Type>
    5. <FormsUsers provider="FileBasedFormsUsersProvider" config="{app_root}/logins.xml"></FormsUsers> <!-- with the folder where the logins.xml file is going to be stored -->
  4. Then you need to adjust the logins.xml file to your security needs. Any additional user you create on the Web Connectors interface will be stored here, so using the one already in the folder as a starting point is not a bad idea.

I did that, I can now connect from a different computer to https://servername:5555/ and manage users.

Next step is doing the same with hashed or encrypted passwords.

4,462 Views
0 Likes
Rehan
Creator III
Creator III
‎2019-08-22 09:41 AM
Author

In response to Miguel_Angel_Baeyens

Did you mean to change the {app_root} to the actual file location ? I applied the same changes but no luck the Qlik Web Connector service won't start.

4,457 Views
0 Likes
Miguel_Angel_Baeyens
Employee
Employee
‎2019-08-22 10:11 AM

In response to Rehan

I left that part untouched, as I was in a hurry using the defaults. You don't need to change that unless it's not under the root installation folder.

Which error does the service returns in the logs (App_Data\Logs in the Qlik Web Connector folder) for not starting?

4,453 Views
0 Likes
Rehan
Creator III
Creator III
‎2019-08-22 10:28 AM
Author

In response to Miguel_Angel_Baeyens

Here is the log

 

</LogEntry>
<LogEntry version="1.0.3">
<Id>0a267d5a-0c6a-44bf-84c2-3ef9a4fb2864_8</Id>
22-08-2019 10:16:28.258
<Type>Info</Type>
<Sender>APIConnectorWeb.Nancy.Users.FormsAuthUserManager</Sender>
<ServerMode>true</ServerMode>
<Version>2.44.5.21946</Version>
<Message>Loaded users successfully - there are 4 users.</Message>
<Exception>NA</Exception>
<ExceptionMessage>NA</ExceptionMessage>
<AdditionalInfo />
</LogEntry>
<LogEntry version="1.0.3">
<Id>0a267d5a-0c6a-44bf-84c2-3ef9a4fb2864_9</Id>
22-08-2019 10:16:28.258
<Type>Info</Type>
<Sender>APIConnectorWeb.Nancy.Users.FormsAuthUserManager</Sender>
<ServerMode>true</ServerMode>
<Version>2.44.5.21946</Version>
<Message>Cleared failed logons successfully.</Message>
<Exception>NA</Exception>
<ExceptionMessage>NA</ExceptionMessage>
<AdditionalInfo />
</LogEntry>
<LogEntry version="1.0.3">
<Id>0a267d5a-0c6a-44bf-84c2-3ef9a4fb2864_12</Id>
22-08-2019 10:16:29.492
<Type>Info</Type>
<Sender>QlikWebConnectors.WebBootstrap</Sender>
<ServerMode>true</ServerMode>
<Version>2.44.5.21946</Version>
Running on https://localhost:5555/
<Exception>NA</Exception>
<ExceptionMessage>NA</ExceptionMessage>
<AdditionalInfo />
</LogEntry>

4,450 Views
0 Likes